(In reply to Petr Gajdos from comment #23)
> According to that you said in comment 18, it should work if access_compat is
> loaded in addition to authz_core. authz_core, as the preferred one, would be
> unloadable only with significant change to config.

yes, this should work.

what i was saying before is, if you make authz_core syntax the default, and config files contain "Require all denied" just like that, then i don't see any advantage from making mod_authz_core unloadable. Because: when you unload the module, apache will completely break because it won't be able to parse the "Require" statements. So if you want to unload it, you need to rewrite the config, and if you're rewriting the config, you can as well remove all "Require" statements and keep the module loaded. (unless there is something i'm missing, or unless we're potentially optimizing for server memory footprint, or something)

Also please note that mod_authz_core is just the *core* module for the new access control method, and all mod_authz_* depend on it -- so if authz_core is unloadable, all the authz_* must be unloadable as well.

> For other configuration files:
> 1. new syntax would work always with our default conf,

if you're talking about modules separate from the apache package, then no -- new syntax is accepted but doesn't enable access if mod_access_compat is present. Modules must check for both and use both syntax variants.

> 2. old syntax should start to work after access_compat is loaded again,

no -- old syntax, without new syntax, is not sufficient to enable access, if new syntax disabled it

> 3. mix of new and old syntax would work as long as access_compat is loaded
> and there is not contradiction (one permits and second forbids). Both types
> of conditionals (comment 7, comment 18) should work.

comment 7 never works, because it is if/else. (enabling access for authz_core only when access_compat is unloaded; when both are loaded, this is wrong)
to reliably enable both, we need if+if

comment 18 always works (it's the if+if variant)
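
The two conditional shapes discussed in the comment above, as an added example that is not part of the original thread. The blocks from comment 7 and comment 18 are not shown on this page, so both variants are reconstructed from the description in this comment, and the directory paths are placeholders.

```apache
# Assumed default config shipped with the server package (new syntax):
<Directory />
    Require all denied
</Directory>

# if/else variant: the new-syntax grant is emitted only when
# mod_access_compat is NOT loaded. With both modules loaded, only the old
# syntax is active here, so mod_authz_core still applies the inherited
# "Require all denied" and access stays blocked.
<Directory "/srv/www/placeholder-ifelse">
    <IfModule !mod_access_compat.c>
        Require all granted
    </IfModule>
    <IfModule mod_access_compat.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>

# if+if variant: each module gets its own grant whenever it is loaded,
# so access is enabled with authz_core alone or with both modules loaded.
<Directory "/srv/www/placeholder-ifif">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule mod_access_compat.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>
```

After a module set change, `apachectl -t` confirms the configuration still parses, and `apachectl -M` lists which of the two modules are actually loaded.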